Klaasjan Brand wrote : > On Mon, 2003-04-28 at 15:08, Joe Klemmer wrote: > > On Mon, 2003-04-28 at 03:25, Klaasjan Brand wrote: > > > > > > RHN provides some nice features if you need to use them. But most > > > > people don't need them. Use apt-get/synaptic and have no worries. > > > > > > Use apt-get and let someone else have root access on your machine. > > > You are aware that every rpm you install can contain scripts which > > > run as root? It's just a question of who you trust more, Red Hat or > > > the freshrpms (+ every other apt source you specify) people... > > > > I'd trust Matthias' rpms as much as those from RHN. But I've had > > experience with him as a RH mirror. It's true that there's a very real > > security issue with how rpm works but freshrpms and falshope have been > > quite reliable over the years. > > I'm not trying to make freshrpms look bad, as I'm a happy user myself ;) > but I triggered on the "no worries" a few posts back. I think everyone > should at least make a conscious decision before adding "untrusted" > binaries to their system. > Anyway, I tend to trust Redhat a bit more since they have commercial > interests in keeping their distribution "clean". I don't expect anybody > in the open-source community trying to install back doors on systems, > but who guarantees some rpm server far away won't be hacked into? Well, trust is indeed a concern in this case. And in general, I find social engineering, which includes 'trust', to be by far the bigest threat to any user or system administrator. I don't have any commercial interest in not packaging trojans, although I _can_ guarantee I'll never do so intentionally! ;-) Maybe I should put a big "freshrpms.net, quality packages started during the last milennium" slogan? Nah. I prefer relying on transparency, being available, and "mouth to ear" recommendations. Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Red Hat Linux release 8.0.9x (Phoebe) running Linux kernel 2.4.20-2.54 Load : 0.98 0.58 0.47
